can a brainwallet be used to generate a deterministic wallet? does that even make sense since i haven't studied brainwallets?
maybe i should ask, can a secret phrase be used to generate a deterministic wallet? then you wouldn't have to worry about change.
Theoretically: yes
Do I want you to? no
In fact, I've been having a long discussion with some of the bitcoin-qt devs about how to prevent users from doing this, or avoid the usual issues with it. Here's why I can't condone pure-brainwallets:
-- Bob A. create's a wallet and wants to never forget it, so he uses sha256("Bob is cool") as the basis for his deterministic wallet
-- Bob A. adds 500 BTC to this wallet then goes to bed
-- Bob
B., also a new user has the same idea and creates the same wallet by accident (or, equally likely, a malicious person starts trying lots of common passphrases in sha256(X) to try to find collisions -- you know it will happen [and probably already does]).
-- Bob
B. realizes there's all this money in his wallet that isn't his, transfers the 500 BTC to another address.
This sounds like user error to me. Sure, it is... but Bob A is not the only one that suffers:
-- Bob A. wakes up to find all his money gone.
-- Bob A. gets on IRC, bitcointalk, etc, and starts crying about his money being gone
-- Bob A. blames Armory for losing his money and claiming the program is insecure and keeps asking me to refund him.
-- I respond by spending 3 days digging into the allegations and trying to discover where the security vulnerability is
-- Other users dive in and start trying to track the stolen coins and posting warnings about Armory and security issues
-- Bob A. won't admit he used a $#!+ passphrase. It makes him look bad and doesn't get his coins back, so why would he?
No one wins in this situation, except for Bob B. This is why I'm working with the devs to develop a technique that only 1 out of 2^x passphrases is even valid, thus requiring Bob to either use a real RNG to generate his passphrase, or use a program to find an extra x bits of entropy to add to his passphrase that allows him to use it.
i.e. sha256("Bob is cool") is not a valid passphrase. But sha256("Bob is cool 1xbnw38kpq") is valid. It's still memorable, but no one will be colliding by accident and it will slow down malicious users by a factor of 1/2^x, probably making it entirely infeasible.
That's not to say that people aren't doing this now, and not to say it couldn't happen right now and that people won't find a way around it. I just want to minimize the occurrence of it, and my exposure to it when/if it does happen.
Fwhew! Now that that's out of the way. Think you should know that I'll be releasing a testing version tonight. Version 0.79.99-almost-beta! (that won't be official name). This version will actually be pretty much the same, except it should work on Win32 (though I haven't tested that part, yet), and it will be robust against the B2G bug (like Y2K, but Blockchain-2GB).
All my testing so far has shown that it works with two minor caveats:
(1) There's some rogue memory allocations that lead to 600-700 MB RAM usage overall -- this should be more like 200 MB after I fix it. But it will still be usable on most hardware. It does not appear to be a real memory leak, as the RAM consumption does not increase even when I leave it up for 2 days...
(2) Unconfirmed balances are not computed correctly. In fact, it's a tad bit confusing.
Neither cases are showstoppers compared to the client flat out not working when the blockchain hits 2 GB, so I will release as is, if I have to. Though I will try to fix both by the official release.
